XAuth critiques
SitG Admin
sysadmin at shadowsinthegarden.com
Mon Jun 7 20:13:05 UTC 2010
>You're mis-characterizing the arguments here -- please read my blog post.
Read it. Intent differs from effect. Breaking privacy to encourage
browsers to fix it for you is provocative, whether meant to be so or
not.
>That's fine, I'm just warning people that there's a larger echo
>chamber effect beyond this one thread.
Thanks. I was only aware of xAuth to the extent that it has been
mentioned on these (OpenID) lists.
>I disagree that XAuth, as a protocol that people can agree to start
>using, is centralized. The initial _implementation_ relies on a
>central DNS name, but that is an accident of today's browser
>limitations. That's a huge difference from saying that it's
>inherently centralized.
Agreed. I wasn't trying to say that it was *inherently* centralized,
though this was my understanding of Eran's point originally; in my
follow-up, I meant exactly what you said, that it starts this way
(hence the "provoking browser vendors to fix it" bit).
-Shade
More information about the specs
mailing list